Beruflich Dokumente
Kultur Dokumente
EMC Data Domain Backup Recovery Systems Division 2421 Mission College Boulevard, Santa Clara, CA 95054 866-WE-DDUPE; 408-980-4800 775-2101-0001 Revision A October 8, 2012 EMC Data Domain Proprietary and Confidential
Copyright 2012 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC, Data Domain, and Global Compression are registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners.
Executive Summary
To facilitate the most effective and efficient functionality, most information technology systems utilize various forms of data storage. These may include Random Access Memory (RAM), Read-Only Memory (ROM), flash memory, virtual memory, and magnetic storage devices. Each form of storage maintains unique characteristics that may affect how customers protect information stored by the system. In particular, storage devices may retain data for a period of time after power ceases to be provided. In order to adequately protect application information, it is critical to understand all of the storage components and their memory volatility characteristics. This document provides the necessary information on which to base decisions about the response to security incidents and classified data spillage, declassification of systems, and regulatory compliance.
Introduction
Memory components are categorized as either volatile or non-volatile. Volatile memory includes Random Access Memory (RAM) such as Static RAM (SRAM) and Dynamic RAM (DRAM). Non-volatile memory includes Read-Only Memory (ROM), Electrically Erasable Programmable ROM (EEPROM), Non-Volatile RAM (NVRAM), and Flash memory devices. Because of their unique characteristics, systems may use a combination of memory types to maintain efficient and effective functionality. In order for customers to determine mitigation steps following a classified data spillage or to make decisions about steps that should be taken before declassifying a system, a solid understanding of the memory volatility specific to the product needs to be established and welldocumented.
Purpose
The purpose of this document is to provide users with knowledge about memory volatility within the system on which data security decisions can be made and, where appropriate, remediation steps that can be incorporated into user processes.
Scope
This document provides a description of memory storage components and their characteristics including, where appropriate, the method by which memory can be cleared. It is intended to provide product-specific memory volatility.
Product Description
This document covers only the EMC Data Domain DD990 system. The DD990 is an EMC Data Domain appliance running on product-specific hardware. The following tables provide information about types of memory. Table 1: Volatile Memory
Size User Function Modifiable (Y/N) Y System RAM: Highperformance, high-speed memory utilized for most system processes. CPU cache: Stores copies of the data from the most frequently used system RAM locations. Video RAM: Shared memory between integrated video subsystem and the system processors. BMC RAM: Data and code store utilized by a Baseboard Management Processor to perform system monitoring and control functions. Local Memory on NVRAM PCI Card: contains temporary storage of data and control information. Fibre Channel and SAS HBA Local Memory: Contains temporary storage of data and control information. These NICs and HBAs are optional products. Process to Clear Power off the system
16 or 32 8-GB DIMMs
N/A
SRAM in NVRAM PCI Card SRAM in Fibre Channel and SAS HBAs and NICs
2 x 8 KB
Table 2:
Non-Volatile Memory
Size User Function Modifiable (Y/N) N N Motherboard BIOS Memory: System Boot Code Motherboard CMOS Memory: Maintains real-time clock and motherboard configuration settings. BMC Firmware Memory: Baseboard Management Controller (BMC) Firmware and configuration memory LOM BIOS Memory: Contains LAN On Motherboard (LOM) boot code and configuration data. Power Supply Memory: Contains Vital Product Data (e.g. device part and serial numbers) Motherboard Vital Product Data memory (for example, device part and serial numbers) HDD Vital Product Data Memory (for example, device part and serial numbers) Fibre Channel HBA BIOS Memory: Contains HBA boot code, configuration information and Vital Product Data (for example, device part and serial numbers). This HBA is an optional product. SAS HBA Memory: Contains HBA BIOS boot code, configuration information and Vital Product Data (for example, device serial number). NIC Memory: Contains NIC BIOS boot code, configuration information and Vital Product Data (for example, device serial number). Process to Clear
16 MB 128 Bytes
Flash EEPROM
8 MB
Flash SEEPROM
256-512 KB N
Flash SEEPROM
4 x 8 KB
Flash SEEPROM
6 x 256 Bytes
Flash SEEPROM
Flash SEEPROM
Flash SEEPROM
2-8 KB
Flash SEEPROM
32-256 KB
Table 2:
Non-Volatile Memory
Size User Function Modifiable (Y/N) N NVRAM PCI Card: Contains Vital Product Data (for example, device part and serial numbers). NVRAM PCI Card: Contains a log of recent I/O data which may not yet have been committed to hard disk storage. Process to Clear
2 x 256 Bytes
2 x 2 GB
An orderly system shutdown or remove the batteries. (See specific hardware guides for location.)
Table 3:
Type (Disk, Tape, etc.)
Media Types
Size User Function Modifiable (Y/N) Y Appliance OS and configuration as well as general purpose data storage capacity. Process to Clear EMC Full Data Erasure based on sensitivity of data.
Disk Removable
N/A N/A
References
Industrial Security Field Operations (ISFO) Process Manual for Certification and Accreditation of Classified Systems under the National Industrial Security Programs Operating Manual (NISPOM), Revised March 1, 2010, Defense Security Service DoD 5220.22-M, National Industrial Security Program Operating Manual (NISPOM), United States Department of Defense. Revised February 28, 2006. www.dss.mil/isp/fac_clear/download_nispom.html ODAA Process Guide for C&A of Classified Systems under NISPOM Defense Security Service www.dss.mil/isp/odaa/request.html